Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/630d0a-45b8-46c4-8c02-9184a91b8ae1/1/tfMhyoCAwef_h-Z6sHOqruchZBw.roa
File:                     tfMhyoCAwef_h-Z6sHOqruchZBw.roa (raw, json)
Hash identifier:          Vm4p9lWk+dyS8xUI43ELEZzmPF8LCOKJ52R2v1+j6j0=
Subject key identifier:   B5:F3:21:CA:80:80:C1:E7:FF:87:E6:7A:B0:73:AA:AE:E7:21:64:1C
Certificate issuer:       /CN=e19a3bae48c95566314d60efa889f3d65f9bdd41
Certificate serial:       01999ADAED6D0797A155B71BDD82D6E148B3
Authority key identifier: E1:9A:3B:AE:48:C9:55:66:31:4D:60:EF:A8:89:F3:D6:5F:9B:DD:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Zo7rkjJVWYxTWDvqInz1l-b3UE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/630d0a-45b8-46c4-8c02-9184a91b8ae1/1/tfMhyoCAwef_h-Z6sHOqruchZBw.roa
Signing time:             Tue 30 Sep 2025 13:41:02 +0000
ROA not before:           Tue 30 Sep 2025 13:41:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213658
IP address blocks:        185.130.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/630d0a-45b8-46c4-8c02-9184a91b8ae1/1/4Zo7rkjJVWYxTWDvqInz1l-b3UE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/630d0a-45b8-46c4-8c02-9184a91b8ae1/1/4Zo7rkjJVWYxTWDvqInz1l-b3UE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Zo7rkjJVWYxTWDvqInz1l-b3UE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:da:ed:6d:07:97:a1:55:b7:1b:dd:82:d6:e1:48:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e19a3bae48c95566314d60efa889f3d65f9bdd41
        Validity
            Not Before: Sep 30 13:41:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5f321ca8080c1e7ff87e67ab073aaaee721641c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6d:75:7a:8c:6b:38:04:08:20:29:29:e5:79:
                    de:62:64:20:ba:5c:bd:c6:25:03:6c:0c:70:fc:74:
                    fa:91:1c:31:f2:6e:d0:4e:ad:d4:4c:bf:10:8d:68:
                    82:0c:6e:26:c5:7b:cb:ec:37:41:87:3c:46:e5:44:
                    cd:fe:2a:10:43:47:fb:9c:d6:f5:32:b8:5e:ea:79:
                    0c:3e:aa:7a:76:ae:10:6b:d0:9f:ac:ab:a6:6f:b6:
                    f7:d3:4f:7e:ae:aa:53:39:54:c0:53:2d:ea:bb:37:
                    c3:4b:d6:82:6a:c3:79:44:05:65:18:33:ab:4d:65:
                    8b:cb:82:2f:76:fd:8f:78:6c:db:f7:e1:89:ab:ac:
                    33:1e:ca:06:fa:dc:6f:eb:48:5b:b0:c8:91:e1:8c:
                    71:06:8e:55:d5:65:51:5d:aa:60:c6:f6:34:93:3c:
                    f0:0a:e0:68:96:e8:7a:a5:d4:66:34:e2:f8:92:4c:
                    a4:92:00:94:13:79:a1:2a:19:5f:2d:d6:01:e5:90:
                    ee:e9:95:a7:a6:02:33:38:e6:ce:f3:c4:37:80:16:
                    35:ab:80:d8:24:f6:04:9a:62:f2:66:35:e9:59:e1:
                    53:53:d4:6d:51:69:13:fb:be:7c:5e:a6:bd:51:96:
                    c5:e9:4c:9b:a4:16:1e:66:89:6b:76:82:f1:60:42:
                    60:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F3:21:CA:80:80:C1:E7:FF:87:E6:7A:B0:73:AA:AE:E7:21:64:1C
            X509v3 Authority Key Identifier:
                keyid:E1:9A:3B:AE:48:C9:55:66:31:4D:60:EF:A8:89:F3:D6:5F:9B:DD:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Zo7rkjJVWYxTWDvqInz1l-b3UE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/630d0a-45b8-46c4-8c02-9184a91b8ae1/1/tfMhyoCAwef_h-Z6sHOqruchZBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/630d0a-45b8-46c4-8c02-9184a91b8ae1/1/4Zo7rkjJVWYxTWDvqInz1l-b3UE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:79:e3:6e:29:ca:7b:47:25:7e:d5:38:13:d5:6c:df:78:b4:
         92:8b:3b:46:12:01:9b:86:54:9f:cb:a6:81:e2:18:6a:2e:79:
         f0:a9:60:47:34:ba:68:58:1e:dc:11:df:8e:8a:2b:8e:05:2d:
         5b:f6:91:6a:a4:08:47:c9:08:46:76:e9:33:2a:97:02:09:96:
         2a:13:0d:d1:be:30:05:50:4e:65:22:2d:93:e0:7f:84:62:ae:
         e5:ea:cf:bd:c8:5a:28:7e:d4:3c:c3:5c:3b:f9:99:ba:6a:42:
         b3:1a:57:38:6b:1e:9e:59:ef:ff:ba:78:7b:7b:3f:44:ef:d7:
         18:a6:26:da:30:53:d5:fb:8d:b6:7d:cc:1d:8c:39:8c:f9:bf:
         db:3d:2d:29:7f:79:2a:6d:9b:9c:7e:1a:77:10:d6:91:4e:22:
         0b:24:5a:81:aa:f4:d3:60:a6:14:65:1b:f0:a3:0d:bb:86:2e:
         98:fd:0d:1f:e9:58:b0:b1:40:79:d1:03:ec:e7:ad:e8:4e:f0:
         18:67:59:b6:1d:bd:83:22:78:e5:ec:cb:7e:1c:53:0d:0c:2f:
         6b:76:34:21:2d:fa:8a:4b:23:a8:1e:3a:09:2d:6f:a5:2b:81:
         e7:f1:be:a0:36:ad:16:c5:9c:85:ba:57:fb:9f:dc:3f:3b:86:
         d0:6f:3c:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZma2u1tB5ehVbcb3YLW4UizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxOWEzYmFlNDhjOTU1NjYzMTRkNjBlZmE4ODlmM2Q2NWY5
YmRkNDEwHhcNMjUwOTMwMTM0MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWYzMjFjYTgwODBjMWU3ZmY4N2U2N2FiMDczYWFhZWU3MjE2NDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzW11eoxrOAQIICkp5XneYmQguly9
xiUDbAxw/HT6kRwx8m7QTq3UTL8QjWiCDG4mxXvL7DdBhzxG5UTN/ioQQ0f7nNb1
Mrhe6nkMPqp6dq4Qa9CfrKumb7b3009+rqpTOVTAUy3quzfDS9aCasN5RAVlGDOr
TWWLy4Ivdv2PeGzb9+GJq6wzHsoG+txv60hbsMiR4YxxBo5V1WVRXapgxvY0kzzw
CuBoluh6pdRmNOL4kkykkgCUE3mhKhlfLdYB5ZDu6ZWnpgIzOObO88Q3gBY1q4DY
JPYEmmLyZjXpWeFTU9RtUWkT+758Xqa9UZbF6UybpBYeZolrdoLxYEJgnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXzIcqAgMHn/4fmerBzqq7nIWQcMB8GA1UdIwQY
MBaAFOGaO65IyVVmMU1g76iJ89Zfm91BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFpvN3JrakpWV1l4VFdEdnFJbnoxbC1iM1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82MzBkMGEtNDViOC00NmM0LThjMDIt
OTE4NGE5MWI4YWUxLzEvdGZNaHlvQ0F3ZWZfaC1aNnNIT3FydWNoWkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82MzBkMGEtNDViOC00NmM0LThjMDItOTE4NGE5MWI4YWUx
LzEvNFpvN3JrakpWV1l4VFdEdnFJbnoxbC1iM1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYJmMA0G
CSqGSIb3DQEBCwUAA4IBAQC9eeNuKcp7RyV+1TgT1WzfeLSSiztGEgGbhlSfy6aB
4hhqLnnwqWBHNLpoWB7cEd+OiiuOBS1b9pFqpAhHyQhGdukzKpcCCZYqEw3RvjAF
UE5lIi2T4H+EYq7l6s+9yFooftQ8w1w7+Zm6akKzGlc4ax6eWe//unh7ez9E79cY
pibaMFPV+422fcwdjDmM+b/bPS0pf3kqbZucfhp3ENaRTiILJFqBqvTTYKYUZRvw
ow27hi6Y/Q0f6ViwsUB50QPs563oTvAYZ1m2Hb2DInjl7Mt+HFMNDC9rdjQhLfqK
SyOoHjoJLW+lK4Hn8b6gNq0WxZyFulf7n9w/O4bQbzwR
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:10 2025 by rpki-client